[Git][security-tracker-team/security-tracker][master] Add two new trafficserver issues (CVE-2021-44759, CVE-2021-44040)

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e2b93b0 by Salvatore Bonaccorso at 2022-03-24T22:13:12+01:00
Add two new trafficserver issues (CVE-2021-44759, CVE-2021-44040)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21691,7 +21691,10 @@ CVE-2021-23170
 CVE-2021-23148
 	RESERVED
 CVE-2021-44759 (Improper Authentication vulnerability in TLS origin validation of Apac ...)
-	TODO: check
+	- trafficserver 9.1.0+ds-1
+	NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
+	NOTE: Mark first 9.x version as fixed version, as the issue only affects versions
+	NOTE: 8.x up to 8.1.3.
 CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
 	NOT-FOR-US: McAfee
 CVE-2021-4087
@@ -23925,7 +23928,8 @@ CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During W
 CVE-2022-21742
 	RESERVED
 CVE-2021-44040 (Improper Input Validation vulnerability in request line parsing of Apa ...)
-	TODO: check
+	- trafficserver <unfixed>
+	NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
 CVE-2021-44039
 	RESERVED
 CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2b93b06968be9152ddd9e735a0cc00298b6387

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2b93b06968be9152ddd9e735a0cc00298b6387
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220324/463e1a9a/attachment.htm>